Merge commit '0.11.1'

Conflicts:
	NEWS
	bindings/python/notmuch/database.py
	bindings/python/notmuch/message.py
	notmuch.1

NEWS merged by hand, others taken from master.

NEWS

@@ -56,6 +56,30 @@ Compatibility with GMime 2.6
   However, a bug in current GMime 2.6 causes notmuch not to report
   signatures where the signer key is unavailable (GNOME bug 668085).
 
+Notmuch 0.11.1 (2012-02-03)
+===========================
+
+Bug-fix release.
+----------------
+
+Fix error handling in python bindings.
+
+  The python bindings in 0.11 failed to detect NULL pointers being
+  returned from libnotmuch functions and thus failed to raise
+  exceptions to indicate the error condition. Any subsequent calls
+  into libnotmuch caused segmentation faults.
+
+Quote MML tags in replies
+
+  MML tags are text codes that Emacs uses to indicate attachments
+  (among other things) in messages being composed.  The Emacs
+  interface did not quote MML tags in the quoted text of a reply.
+  User could be tricked into replying to a maliciously formatted
+  message and not editing out the MML tags from the quoted text.  This
+  could lead to files from the user's machine being attached to the
+  outgoing message.  The Emacs interface now quotes these tags in
+  reply text, so that they do not effect outgoing messages.
+
 Notmuch 0.11 (2012-01-13)
 =========================
 

bindings/python/notmuch/version.py

@@ -1,2 +1,2 @@
 # this file should be kept in sync with ../../../version
-__VERSION__ = '0.11'
+__VERSION__ = '0.11.1'

debian/changelog

@@ -1,3 +1,11 @@
+notmuch (0.11.1-1) unstable; urgency=low
+
+  * Upstream bugfix release
+    - Fix error handling bug in python bindings
+    - Fix vulnerability in emacs reply handling
+
+ -- David Bremner <bremner@debian.org>  Fri, 03 Feb 2012 08:35:41 -0400
+
 notmuch (0.11-1) unstable; urgency=low
 
   * New upstream release.

emacs/notmuch-mua.el

@@ -116,7 +116,12 @@ list."
     (push-mark))
   (set-buffer-modified-p nil)
 
-  (message-goto-body))
+  (message-goto-body)
+  ;; Original message may contain (malicious) MML tags.  We must
+  ;; properly quote them in the reply.  Note that using `point-max'
+  ;; instead of `mark' here is wrong.  The buffer may include user's
+  ;; signature which should not be MML-quoted.
+  (mml-quote-region (point) (point-max)))
 
 (defun notmuch-mua-forward-message ()
   (message-forward)

test/emacs

@@ -273,6 +273,26 @@ On 01 Jan 2000 12:00:00 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> w
 EOF
 test_expect_equal_file OUTPUT EXPECTED
 
+test_begin_subtest "Quote MML tags in reply"
+message_id='test-emacs-mml-quoting@message.id'
+add_message [id]="$message_id" \
+	    "[subject]='$test_subtest_name'" \
+	    '[body]="<#part disposition=inline>"'
+test_emacs "(notmuch-show \"id:$message_id\")
+	      (notmuch-show-reply)
+	      (test-output)"
+cat <<EOF >EXPECTED
+From: Notmuch Test Suite <test_suite@notmuchmail.org>
+To: 
+Subject: Re: Quote MML tags in reply
+In-Reply-To: <test-emacs-mml-quoting@message.id>
+Fcc: ${MAIL_DIR}/sent
+--text follows this line--
+On Tue, 05 Jan 2001 15:43:57 -0000, Notmuch Test Suite <test_suite@notmuchmail.org> wrote:
+> <#!part disposition=inline>
+EOF
+test_expect_equal_file OUTPUT EXPECTED
+
 test_begin_subtest "Save attachment from within emacs using notmuch-show-save-attachments"
 # save as archive to test that Emacs does not re-compress .gz
 test_emacs '(let ((standard-input "\"attachment1.gz\""))

version

@@ -1 +1 @@
-0.11
+0.11.1